<?php
    require('common.php');
        
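    $db = new Database();
    $user = getUser($db);
    
    // Access check: users whose group is below 1 are redirected to the index
    // page and the script stops before anything is written.
    if($user['group'] < 1) {
        redirect('index.php');
        exit();
    }
    // Presumably validates the request's anti-CSRF token; the helper is defined
    // outside this file.
    checkCsrfGuard();
    
    // Input validation. Each field must be present and must be a plain string:
    // PHP turns "id[]=..." style parameters into arrays, which intval() would
    // silently map to 0 or 1 instead of rejecting.
    foreach(array('id', 'answer', 'correct') as $field) {
        if(!isset($_POST[$field]) || !is_string($_POST[$field]))
            throw new Exception('Bad request.');
    }
    // Strict comparison: with != numeric strings such as '00' or '1.0' would
    // also have been accepted as '0' / '1'.
    if($_POST['correct'] !== '0' && $_POST['correct'] !== '1')
        throw new Exception('Bad request.');
    
    // Cast once and reuse the integer, so both queries see the same value.
    $questionId = intval($_POST['id']);
    
    // Get the block the question belongs to; this also confirms the question exists.
    $result = $db->query('SELECT block FROM '.config('DB_PREFIX').'questions '.
        'WHERE id='.$questionId);
    if(mysqli_num_rows($result) == 0)
        throw new Exception('No such question');
    $row = mysqli_fetch_assoc($result);
    $blockid = $row['block'];
    
    // Create the answer.
    // NOTE(review): 'correct' comes straight from the request, so the stored
    // flag is whatever the client claims. Deciding correctness on the server
    // from the question's stored solution would remove that trust; the schema
    // needed for that is not visible in this file.
    // NOTE(review): the answer text is concatenated without surrounding quotes,
    // so this statement is only safe if Database::escape() returns a complete,
    // quoted SQL literal. Confirm in the Database class; if it only escapes,
    // the quotes must be added here (or the query parameterized).
    $db->query('INSERT INTO '.config('DB_PREFIX').'answers '.
        '(user, question, answer, correct, time) VALUES ('.
        intval($user['id']).', '.   // cast as defense in depth: never splice a raw value into SQL
        $questionId.', '.
        $db->escape($_POST['answer']).', '.
        intval($_POST['correct']).', '.
        time().')');
    
    // Success: continue with the next question of the same block.
    redirect('nextq.php?id='.$blockid);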
?>